I'd highly doubt there could be an actual vulnerability for a firewall like this. It looks like the ufw & docker issue was due to docker not respecting ufw rules, requiring iptables to be disabled before it would follow ufw rules. It's not a vulnerability per se but more of a configuration issue. https://www.techrepublic.com/article/how-to-fix-the-docker-and-ufw-security-flaw/

My own experience (when I last tried using it 10 years ago) was that iptables has a huge number of flags and positional arguments to memorize, and then time spent testing every change made to see whether it had worked. I was admittedly using it to make my server act as a firewall and pass through internet traffic to the rest of my LAN on a different interface, something portmaster can't do. Glad you feel comfortable with it.

FWIW portmaster does have several other neat features like custom DNS, monitoring, filter lists (e.g. ads/malware) and the paid version can do inspection on individual applications.
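The docker/ufw issue mentioned above comes down to where the two tools hook into netfilter: ufw puts its allow/deny rules in the INPUT chain, while Docker publishes container ports by DNAT-ing them in the nat table and then accepting the traffic in FORWARD (after first passing it through the empty DOCKER-USER chain), so ufw's INPUT rules never see those connections. The script below is an added example, not code from the thread, the linked article, or the Docker or ufw projects: it parses an `iptables-save` dump, lists the host ports Docker has DNAT-ed to containers, and flags them as bypassing ufw unless the DOCKER-USER chain contains a DROP/REJECT rule of its own. The rulesets are constructed samples; `eth0` and the `192.168.1.0/24` LAN range in the hardened variant are assumptions.

```python
"""Audit an iptables-save dump for Docker-published ports that ufw never filters."""
import re

# Constructed sample: a Debian-style host running ufw (INPUT defaults to DROP,
# only SSH allowed) plus Docker with one container publishing host port 8080
# to 172.17.0.2:80. The nat DOCKER chain does the DNAT, the filter FORWARD
# chain accepts the rewritten packet, and DOCKER-USER is Docker's default no-op.
SAMPLE_RULESET = """\
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:DOCKER - [0:0]
:DOCKER-USER - [0:0]
:ufw-user-input - [0:0]
-A INPUT -j ufw-user-input
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER-USER -j RETURN
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

# Same host after adding the kind of DOCKER-USER rule the Docker docs suggest
# for restricting published ports: drop anything arriving on the assumed
# external interface eth0 that is not from the assumed LAN range.
# DOCKER-USER runs before DNAT-ed traffic reaches Docker's ACCEPT, so it is
# the one place an admin rule reliably wins. (Port-based matching here needs
# -m conntrack --ctorigdstport, since --dport sees the post-DNAT container port.)
HARDENED_RULESET = SAMPLE_RULESET.replace(
    "-A DOCKER-USER -j RETURN",
    "-A DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP\n-A DOCKER-USER -j RETURN",
)

DPORT = re.compile(r"--dport (\d+)")
PROTO = re.compile(r"-p (\w+)")
TERMINATING = re.compile(r"-j (DROP|REJECT)\b")


def parse_iptables_save(text):
    """Return {(table, chain): [rule line, ...]} from iptables-save output."""
    rules = {}
    table = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                # "*nat", "*filter"
            table = line[1:]
        elif line.startswith(":"):              # ":CHAIN policy [pkts:bytes]"
            rules.setdefault((table, line[1:].split()[0]), [])
        elif line.startswith("-A ") and table:  # "-A CHAIN <match> -j <target>"
            chain = line.split()[1]
            rules.setdefault((table, chain), []).append(line)
    return rules


def published_ports(rules):
    """(proto, host_port) pairs Docker DNATs to containers via the nat DOCKER chain."""
    ports = []
    for rule in rules.get(("nat", "DOCKER"), []):
        if "-j DNAT" not in rule:
            continue
        proto, port = PROTO.search(rule), DPORT.search(rule)
        if proto and port:
            ports.append((proto.group(1), int(port.group(1))))
    return ports


def docker_user_filters(rules):
    """True if DOCKER-USER holds any DROP/REJECT rule (coarse: any restriction counts)."""
    return any(TERMINATING.search(r) for r in rules.get(("filter", "DOCKER-USER"), []))


def audit(text):
    """Published ports reachable regardless of ufw: every DNAT-ed port unless
    DOCKER-USER filters, because ufw's rules live in INPUT, not FORWARD."""
    rules = parse_iptables_save(text)
    return [] if docker_user_filters(rules) else published_ports(rules)


if __name__ == "__main__":
    # On a real host: audit(subprocess.run(["iptables-save"], capture_output=True, text=True).stdout)
    for label, ruleset in (("default", SAMPLE_RULESET), ("hardened", HARDENED_RULESET)):
        print(label, "-> ports bypassing ufw:", audit(ruleset))
```

The other route the post describes, setting `"iptables": false` in Docker's daemon.json, stops Docker from touching netfilter at all, which makes published ports fall under whatever you configure by hand and also means `-p` mappings silently stop working until you add the NAT yourself; the DOCKER-USER approach keeps Docker's networking intact and just puts an admin-controlled filter in front of it.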
Discussion
You're right, it was more of an issue with docker than with ufw. But there's still a lesson in it: more moving pieces, more stuff that can go wrong.
For me, there's more likelihood I'd mess up an iptables configuration and leave a glaring hole for things to leak through. With portmaster I have most apps on prompt by default so I get to evaluate things & add more rules on a per-app, per-connection basis that I could never handle with iptables.